How to Disable Gatekeeper and Allow Apps From Anywhere in macOS Sierra

Posted by Jim Tanous on June 23, 2019

Gatekeeper, first introduced in OS X Mountain Lion, is a Mac security feature that helps protect your Mac from Malware and other malicious software. Gatekeeper checks to make sure the application is safe to run by checking it against the list of apps that Apple has vetted and approved for the Apple Mac Store and/or approved by Apple even if not offered through the app store. These are the three Gatekeeper options:

App Store

App Store and Identified Developers

Anywhere

In macOS Sierra, however, Apple made some important changes to Gatekeeper that seemingly limit the choices of power users who want to download and use the software beyond the list of apps officially approved by Apple.

But don’t worry, Gatekeeper settings can still be changed in macOS Sierra to allow you access to software that’s not officially approved by Apple. The understanding is that users who disable Gatekeeper protection do so at their own risk as you have to be an experienced Mac user to avoid Malware and other malicious software.

Adjust the Gatekeeper Settings

Traditionally, Gatekeeper offered three settings of increasing security: anywhere, App Store and identified developers, and App Store only. The first choice, as its name describes, allowed users to launch applications from any source, effectively disabling the Gatekeeper feature.

The second choice allowed users to run apps from the Mac App Store as well as from software developers who have registered with Apple and securely sign their applications. Finally, the most secure setting limited users to running apps obtained from the Mac App Store only.

While the secure options were good ideas for less experienced Mac users, power users found Gatekeeper to be too limiting and typically sought to disable it by setting it to “Anywhere.“

In macOS Sierra, however, the “Anywhere” option is gone, leaving “App Store” and “App Store and identified developers” as the only two options.

Disable Gatekeeper in macOS Sierra from Terminal using a command

The Gatekeeper settings can be found in System Preferences > Security & Privacy > General. The Gatekeeper options are located beneath “All apps downloaded from:” with the choice of “Anywhere” missing. With the “Anywhere” option missing, many Mac users thought that Apple had completely taken away the “Anywhere” option.

Thankfully, Apple didn’t turn off the ability to change the Gatekeeper setting to “Anywhere” it just started requiring users to do it from the terminal with a command, which was a way for Apple to ensure that only macOS power users would likely change the Gatekeeper setting to “Anywhere.” For the most part, only macOS power users know how to use the terminal.

To disable Gatekeeper (i.e., set it to “Anywhere”) from the command line, open a new Terminal window then enter the following command:

$ sudo spctl --master-disable

Since you’re using “sudo” you’ll be prompted for your Mac’s root (admin) password. Enter your root password and the command will change the Gatekeeper setting to “Anywhere.”.

If you want to confirm that the Gatekeeper setting has been changed to “Anywhere” you can launch System Preferences and check the Gatekeeper “Allow apps downloaded from” setting. You’ll now see that “Anywhere” is the Gatekeeper setting. Click the padlock in the lower-left corner to enter your password and make changes, then select “Anywhere” from the list of Gatekeeper options. The security feature will no longer bug you about apps from unidentified developers. You’ll also notice that since you ran the command to change Gatekeeper’s “Allow Apps downloaded from” option to Anywhere that option is now listed in the interface as shown in the screenshot below.

Temporarily Bypass Gatekeeper

Despite its potentially frustrating limitations, Gatekeeper is indeed an important security feature that can prevent you from accidentally launching malicious applications. If you prefer to leave Gatekeeper enabled but still need to occasionally run an app from an unidentified developer, you can temporarily bypass Gatekeeper by opening the app from the right-click context menu.

To illustrate, when you attempt to open an app from an unidentified developer while Gatekeeper is enabled, you’ll receive the following alert telling you the app can’t be launched:To temporarily bypass Gatekeeper, right-click (or Control-click) on the app’s icon and select Open.You’ll still receive an alert message, but this time it’s only a warning. Clicking Open again will launch the app.

Restore Sierra Gatekeeper Settings to Default

If you’ve enabled the “Anywhere” option by using the Terminal command above and later want to reverse it, you can head back to Terminal and run this command:

$ sudo spctl --master-enable

This command reverses the spctl --master-disable command that you ran to set Gatekeeper’s “Allow app downloads from” setting to “Anywhere.”

I still see applications are run from a temp folder and not from the applictions folder. I tried manually editing preferences file of such apps but after opening and closing they are reset again to this temp folder. But i did add the Anywhere option again.Does anyone know some more trick for this?

Your issue appears to be because Gatekeeper has some apparently deliberately obfuscated security that is called GateKeeper Path Randomization. This deliberately and secretly vandalises any attempt to modify installed applications.I can’t find any way to turn gatekeeper off (this article doesn’t help here) but if you copy your app into the Applications directory in finder then you may find it now works… or you may not.It’s vaguely documented here https://bugs.eclipse.org/bugs/show_bug.cgi?id=507328 where your mac allows you to launch eclipse set a workspace install some addons and them mostly forgets about this as soon as you restart. I can see that preventing modification might be considered a security feature but allowing modification and then removing the modifications without warning seems a deliberate attempt to break applications – perhaps a way to extort money from developers who need to pay to get things signed?

sigh, probably in the next update this is going too.i hated Iphone and Liked Mac for the exact same reason, iphone is too walled.mac is going to same route, probably next option is to move to Chrome OS

My comment with a link is awaiting moderation, but Google “/etc/sudoers is owned by uid 1, should be 0” since it’s some sort of permissions issue and that line is where the problem is. There’s a guy in the first post that shows up for me who might have a fix with the chown command.chown root:root /etc/sudoers

Impossible for me.Gonzalo-Guiraos-iMac:~ gonzaloguirao$ sudo spctl -–master-disablesudo: unable to stat /etc/sudoers: Permission deniedsudo: no valid sudoers sources found, quittingsudo: unable to initialize policy pluginIt tells me to put it to the trash, when I try control Open